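<?php
// AccountInfo.php -- lets a logged-in Researcher (position 2 or 3) view and
// edit their own name/email and list the files they have uploaded.
//
// The request is processed in this order on purpose:
//   1. authentication / logout / authorization  (redirect + exit, no output yet)
//   2. DB connection and CSRF token setup
//   3. the "Update Info!" POST handler          (redirect + exit on success)
//   4. HTML output
// header("Location: ...") does nothing once the body has started, and the
// original file kept rendering (and querying the DB) after every redirect,
// so an unauthenticated visitor still received the whole page.
session_start();
include "library.php";

// --- Authentication ---------------------------------------------------------
// exit is mandatory after header(): PHP does not stop the script for you.
if (!isset($_SESSION["username"])) {
  header("Location:login.php");
  exit;
}

// --- Logout -----------------------------------------------------------------
// NOTE(review): the logout button is rendered by print_header() (library.php),
// so it cannot carry the CSRF token used by the form below; a cross-site POST
// can at most force a logout here.
if (isset($_POST["logout"])) {
  session_unset();
  session_destroy();
  header("Location:home.php");
  exit;
}

// --- Authorization ----------------------------------------------------------
// Only positions 2 and 3 may use this page; administrators go to members.php.
// The int cast makes the comparison strict regardless of whether the session
// stores the position as an int or a numeric string.
$position = isset($_SESSION["position"]) ? (int)$_SESSION["position"] : 0;
if ($position !== 2 && $position !== 3) {
  header("Location:members.php");
  exit;
}

// --- Database ---------------------------------------------------------------
// NOTE(review): credentials are hard-coded (and the password is empty); they
// belong in a config file outside the web root, and the account needs a real
// password. The mysql_* extension is deprecated/removed in current PHP --
// library.php's connectSQLServer()/dbquery() should move to mysqli or PDO with
// prepared statements; until then every value is escaped with
// mysql_real_escape_string() against the open link.
$pwdb = connectSQLServer("wendlc_teamsci", "sdd", "");
mysql_select_db("wendlc_TeamSci", $pwdb);

// --- CSRF token for the update form ----------------------------------------
// One random token per session, echoed into a hidden field and required on
// every "Update Info!" POST. random_bytes() needs PHP 7; the openssl fallback
// covers the PHP 5 runtime that mysql_* implies.
if (empty($_SESSION["csrf_token"])) {
  $rawToken = function_exists("random_bytes")
    ? random_bytes(32)
    : openssl_random_pseudo_bytes(32);
  $_SESSION["csrf_token"] = bin2hex($rawToken);
}

// --- "Update Info!" handler (POST-redirect-GET) -----------------------------
// Runs before any output so the redirect is a real Location header instead of
// the old echo "<script>location.href=...</script>" hack, and so the form
// below never shows the pre-update values.
$updateError = "";
if (isset($_POST["Add"])) {
  $postedToken = isset($_POST["csrf_token"]) ? (string)$_POST["csrf_token"] : "";
  // hash_equals() (PHP 5.6+) gives a constant-time compare; plain === is the
  // only option on older runtimes.
  $tokenOk = function_exists("hash_equals")
    ? hash_equals($_SESSION["csrf_token"], $postedToken)
    : $_SESSION["csrf_token"] === $postedToken;

  if (!$tokenOk) {
    $updateError = "Invalid form token, please reload the page and try again.";
  } else {
    $fields = array();
    foreach (array("fname", "lname", "email") as $key) {
      $value = isset($_POST[$key]) ? (string)$_POST[$key] : "";
      // stripslashes() only undoes magic_quotes_gpc; applied unconditionally
      // (as the original did) it silently ate legitimate backslashes.
      if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
      }
      $fields[$key] = trim($value);
    }

    if (filter_var($fields["email"], FILTER_VALIDATE_EMAIL) === false) {
      $updateError = "Please enter a valid email address.";
    } else {
      // Values are still HTML-encoded before storage, as the original did,
      // because other pages may echo these columns without escaping. The
      // output code below escapes again with double_encode=false so stored
      // entities are not mangled into "&amp;amp;".
      $qUpdate = sprintf(
        "UPDATE Users SET FirstName = '%s' , LastName = '%s', Email = '%s' WHERE UserID = '%s'",
        mysql_real_escape_string(htmlspecialchars($fields["fname"], ENT_QUOTES, "UTF-8"), $pwdb),
        mysql_real_escape_string(htmlspecialchars($fields["lname"], ENT_QUOTES, "UTF-8"), $pwdb),
        mysql_real_escape_string(htmlspecialchars($fields["email"], ENT_QUOTES, "UTF-8"), $pwdb),
        mysql_real_escape_string($_SESSION["username"], $pwdb)
      );
      dbquery($qUpdate);
      // Redirect so a browser refresh does not re-submit the POST.
      header("Location:AccountInfo.php");
      exit;
    }
  }
}

// --- Current user row -------------------------------------------------------
$queryUser = sprintf("SELECT * FROM Users WHERE UserID = '%s' LIMIT 1",
  mysql_real_escape_string($_SESSION["username"], $pwdb));
$resultUser = dbquery($queryUser);
$UserObject = $resultUser ? mysql_fetch_object($resultUser) : false;
if (!$UserObject) {
  // The session names a user that no longer exists (or the query failed):
  // drop the session rather than dereferencing false below.
  session_unset();
  session_destroy();
  header("Location:login.php");
  exit;
}

// HTML-escape a value for output (text or attribute context). double_encode
// is off because rows written by this page are already entity-encoded.
$h = function ($s) {
  return htmlspecialchars((string)$s, ENT_QUOTES, "UTF-8", false);
};

// --- Output -----------------------------------------------------------------
print_header($_SESSION["position"], 9);

echo "<h2>My Account Info</h2><BR><BR>";
if ($updateError !== "") {
  echo "<p class = \"error\">" . $h($updateError) . "</p>";
}
echo "<form method = \"post\">";
echo "<input type = \"hidden\" name = \"csrf_token\" value = \"" . $h($_SESSION["csrf_token"]) . "\"/>";
echo "First Name: <input type = \"text\" name = \"fname\" value = \"" . $h($UserObject->FirstName) . "\" MAXLENGTH = 200/><br /><br />";
echo "Last Name: <input type = \"text\" name = \"lname\" value = \"" . $h($UserObject->LastName) . "\" MAXLENGTH = 200/><br /><br />";
echo "Email: <input type = \"text\" name = \"email\" value = \"" . $h($UserObject->Email) . "\" MAXLENGTH = 200/><br /><br />";
echo "UserID: " . $h($UserObject->UserID) . "<BR><BR>";

// Position 2 is Lead Researcher; anything else reaching this page is Researcher.
$positionLabel = (int)$UserObject->Position === 2 ? "Lead Researcher" : "Researcher";
echo "Position: " . $positionLabel . "<BR><BR>";
echo "<input type = \"submit\" name = \"Add\" value = \"Update Info!\"/><BR><BR>";
echo "</form>";

// --- File list --------------------------------------------------------------
// UserNum comes from the SELECT * above; the original re-queried it.
echo "<h2>My Files</h2><BR><BR>";
$queryFiles = sprintf("SELECT * FROM Files Where User = '%s' ORDER BY Time DESC",
  mysql_real_escape_string($UserObject->UserNum, $pwdb));
$resultFiles = dbquery($queryFiles);

// The stray, never-closed <form> the original opened inside the table is gone:
// it had no fields and was invalid markup.
echo "<table id = \"filetable\"><tr><th>File</th><th>Tags</th><th>Upload Date</th><th>Public or Private</th><th>Link</th></tr>";

// The original also branched on ApproveFlag but rendered identical rows in
// both branches, so only Public_Private affects the output.
while ($resultFiles && ($FilesOb = mysql_fetch_object($resultFiles))) {
  $visibility = (int)$FilesOb->Public_Private === 0 ? "Private" : "Public";
  // File names and tags are stored data, not trusted: escape them in the
  // cell text and URL-encode the name in the query string.
  echo "<tr>"
     . "<td width = 150>" . $h($FilesOb->Name) . "</td>"
     . "<td width = 150 height = 50>" . $h($FilesOb->Tag) . "</td>"
     . "<td width = 150>" . date("F j Y", $FilesOb->Time) . "</td>"
     . "<td width = 100>" . $visibility . "</td>"
     . "<td width = 100><a href=\"/TEAMSCI/DetailView.php/?file_name=" . rawurlencode($FilesOb->Name) . "\">Link</a></td>"
     . "</tr>";
}
echo "</table><BR>";
print_footer();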